Discusing the EU's new NIS Cyber Security Directive ahead of the European Maritime Cyber Risk Management Summit in London, Norton Rose Fulbright partner Philip Roche said shipowners would not be directly affected.
Cyber security rules for shipping would continue to be the domain of IMO policy and flag state regulations, he said.
However, it appears that one of the outcomes of the EU’s NIS Directive, which came into effect this month, will be to tighten cyber security at ports including around interactions between freight handling companies and ports.
In particular, the regulations are likely to see an increase in the use of blockchain-type technologies, Mr Roche said.
And along with the industry's growing reliance on technology comes an amplified potential for cyber attack.
“That increasing reliance on IT is going to mean an increasingly big risk, so the appropriate and proportionate (security) measures … it is hard to imagine (security measures) being out of proportion. You almost cannot take enough precautions,” he said.
Facing these threats, ports will in turn be required to tighten cyber security protocols with the freight handling companies who operate there, he said.
“Where there is going to be a lot closer interface is with the … trucking companies, with freight forwarders and with logistics companies who basically do their business out of the port,” Mr Roche said.
He said ports that do not handle the inevitable technological changes well may face a loss of customers.
“In most places, people have an option as to which port to go to. And, so if you have ports which are … constantly going down because of cyber issues and are not taking the necessary precautions of keeping the port efficient and running, then people are going to go elsewhere,” he said.
Apart from any inconveniences with ports who handle the change badly, the impacts of the NIS Directive are currently minimal for shipowners, Mr Roche said.
“I think shipowners will remain an island unto themselves. So long as they have taken the necessary precautions as set down by the IMO and flag states, they will come and go reasonably as they [have in the past],” he said.
However, he said could foresee a time when a leaner and more competitive industry would push cyber requirements onto shipping. If not now, the seamless logistics supply chain will eventually materialise, he said.
“Eventually, I think they will all be connected together,” he said.
And the entry of a major player from the tech industry is one force that could, eventually, propel the industry towards this more seamless, integrated model.
“In a way, what is going to change the shipping industry is not the shipping industry. It is going to be the disruptive technologies coming in, the Amazons and Googles wanting to have these basically seamless transport networks with smaller ships,” Mr Roche said.
However, Mr Roche said he was less than certain that a market entry from those tech sector giants would have as much of an impact as shipowners and operators may fear.
“It seems to me you still need to have big, heavy, metal ships on the water,” he said. “And, of course, tech (the industry) does not seem to like heavy industry (as an investment). You have seen tech struggle to replace cars (with driverless automobiles), let alone running (autonomous) ships.”
Philip Roche is conference chairman of the upcoming European Maritime Cyber Risk Management Summit and will be speaking about the current cyber-related regulatory and risk assessment outlook for the shipping industry.